Quantum authentication in wireless communication networks

ABSTRACT

A wireless communication network generates and transfers qubits to a wireless user device. The wireless communication network and the wireless user device determine polarization states for the qubits. The wireless communication network and the wireless user device exchange cryptography information. The wireless communication network and the wireless user device generate cryptography keys based on the polarization states and the cryptography information. The wireless communication network and the wireless user device encrypt and decrypt data that they exchange with one another based on the cryptography keys.

RELATED CASES

This United States Patent Application is a continuation of U.S. patentapplication Ser. No. 17/893,875 that was filed on Aug. 23, 2022 and isentitled “QUANTUM AUTHENTICATION IN WIRELESS COMMUNICATION NETWORKS.”U.S. patent application Ser. No. 17/893,875 is hereby incorporated byreference into this United States Patent Application. U.S. patentapplication Ser. No. 17/893,875 is a continuation of U.S. Pat. No.11,469,889 B1 that was filed on May 20, 2021 and is entitled “QUANTUMAUTHENTICATION IN WIRELESS COMMUNICATION NETWORKS.” U.S. Pat. No.11,469,889 B1 is hereby incorporated by reference into this UnitedStates Patent Application.

TECHNICAL BACKGROUND

Wireless communication networks provide wireless data services towireless user devices. Exemplary wireless data services includemachine-control, internet-access, media-streaming, andsocial-networking. Exemplary wireless user devices comprise phones,computers, vehicles, robots, and sensors. The wireless communicationnetworks have Radio Access Networks (RANs) which exchange wirelesssignals with the wireless user devices over radio frequency bands. Thewireless signals use wireless network protocols like Fifth GenerationNew Radio (5GNR), Long Term Evolution (LTE), Institute of Electrical andElectronic Engineers (IEEE) 802.11 (WIFI), and Low-Power Wide AreaNetwork (LP-WAN). The RANs exchange network signaling and user data withnetwork elements that are often clustered together into wireless networkcores. The RANs are connected to the wireless network cores overbackhaul data links.

The RANs comprise Radio Units (RUs), Distributed Units (DUs) andCentralized Units (CUs). The RUs are mounted at elevation and haveantennas, modulators, signal processors, and the like. The RUs areconnected to the DUs which are usually nearby network computers. The DUshandle lower wireless network layers like the Physical Layer (PHY) andMedia Access Control (MAC). The DUs are connected to the CUs which arelarger computer centers that are closer to the network cores. The CUshandle higher wireless network layers like the Radio Resource Control(RRC) and Packet Data Convergence Protocol (PDCP). The CUs are coupledto network functions in the network cores. The network cores execute thenetwork functions to provide wireless data services to the wireless userdevices over the RANs. Exemplary network functions include Access andMobility Management Functions (AMFs), Authentication Server Functions(AUSF), and Unified Data Managements (UDMs).

Authentication entails the exchange of data between a wireless userdevice and a wireless communication network so the network can confirmthe identity of the wireless user device. When the wireless user deviceattaches to the network core over the RAN, the wireless user deviceregisters with an AMF to perform authentication. The AMF interacts withthe AUSF and UDM to generate a random number and an expected result. Thewireless user device is given the random number to hash with its secretidentity code and return the expected result. The AMF matches the twoexpected results to authenticate the wireless user device. Responsive tothe authentication, the wireless user device receives wireless dataservices from the network core.

Quantum authentication uses the quantum properties of photons togenerate secret identity codes. To generate a secret identity code, aquantum device encodes a photon with various quantum states likepolarization and spin. The quantum device transfers the encoded photonto another quantum device over an optical interface like a quantumchannel. The other quantum device determines the quantum states of thephoton. The two quantum devices exchange data to select matching quantumstates. The matching quantum states comprise the secret identity codefor the two quantum devices.

Unfortunately, the AMFs and AUSFs do not effectively use quantumauthentication for the wireless user devices. Moreover, the UDMs do notefficiently generate secret identity codes for the wireless user devicesusing quantum authentication.

Technical Overview

In some examples, cryptography keys are generated and used for awireless user device. Qubits are transferred to the wireless userdevice. Polarization states are determined for the qubits. Cryptographyinformation is exchanged with the wireless user device. The cryptographykeys are generated based on the polarization states and the cryptographyinformation. Data is encrypted based on the cryptography keys. Theencrypted data is transferred to the wireless user device. Additionalencrypted data is received from the wireless user device. The additionalencrypted data is decrypted based on the cryptography keys.

In some examples, cryptography keys are generated and used in a wirelessuser device. Qubits are received from a wireless communication network.Polarization states are determined for the qubits. Cryptographyinformation is exchanged with the wireless communication network. Thecryptography keys are generated based on the polarization states and thecryptography information. Data is encrypted based on the cryptographykeys. The encrypted data is transferred to the wireless communicationnetwork. Additional encrypted data is received from the wirelesscommunication network. The additional encrypted data is decrypted basedon the cryptography keys.

In some examples, a wireless communication system generates and usescryptography keys for a wireless user device. A wireless communicationnetwork generates and transfers qubits to the wireless user device. Thewireless user device receives the qubits from the wireless communicationnetwork. The wireless communication network and the wireless user devicedetermine polarization states for the qubits. The wireless communicationnetwork and the wireless user device exchange cryptography information.The wireless communication network and the wireless user device generatethe cryptography keys based on the polarization states and thecryptography information. The wireless communication network encryptsdata based on the cryptography keys and transfers the encrypted data tothe wireless user device. The wireless user device receives theencrypted data and decrypts the encrypted data based on the cryptographykeys. The wireless user device encrypts data based on the cryptographykeys and transfers the encrypted data to the wireless communicationnetwork. The wireless communication network receives the encrypted dataand decrypts the encrypted data based on the cryptography keys.

DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a wireless communication network to perform quantumauthentication for a wireless User Equipment (UE).

FIG. 2 illustrates an exemplary operation of the wireless communicationnetwork to perform quantum authentication for the wireless UE.

FIG. 3 illustrates another exemplary operation of the wirelesscommunication network to perform quantum authentication for the wirelessUE.

FIG. 4 illustrates a Fifth Generation (5G) communication network toperform quantum authentication for quantum capable 5G UEs.

FIG. 5 illustrates the quantum capable 5G UEs in the 5G communicationnetwork.

FIG. 6 illustrates 5G RANs in the 5G communication network.

FIG. 7 illustrates quantum authentication interfaces in the 5Gcommunication network.

FIG. 8 illustrates Network Function Virtualization Infrastructure(NFVIs) in the 5G communication networks.

FIG. 9 further illustrates the NFVIs in the 5G communication networks.

FIG. 10 illustrates an exemplary operation of the 5G communicationnetwork to perform quantum authentication for the quantum capable 5GUEs.

DETAILED DESCRIPTION

FIG. 1 illustrates wireless communication network 100 network to performquantum authentication for wireless User Equipment (UE) 101. Wirelesscommunication network 100 delivers services to UE 101 like machinecommunications, internet-access, media-streaming, or some other wirelesscommunications product. Wireless communication network 100 comprises UE101, quantum link 111, and network data center 121. UE 101 comprisesuser application (APPs) 102, quantum applications 103, networkapplications 104, UE network circuitry 105, and UE quantum circuitry106. Network data center 121 comprises network authentication circuitry125 and network quantum circuitry 126. UE quantum circuitry 106 isdetachably coupled to quantum circuitry 126 over quantum link 111. UEnetwork circuitry 105 is wirelessly coupled to network authenticationcircuitry 125 over a wireless access point.

Various examples of network operation and configuration are describedherein. In some examples, network quantum circuitry 126 generates qubitsand transfers the qubits to UE quantum circuitry 106. For example,network quantum circuitry 126 may polarize and transfer photons to UE106 over quantum link 111. UE quantum circuitry 106 processes the qubitsand responsively determines polarization states for the qubits. UEquantum circuitry 106 and network quantum circuitry 126 exchangecryptography information. UE quantum circuitry 106 generatescryptography keys based on the polarization states and cryptographyinformation and transfers the cryptography keys to UE network circuitry105. Network quantum circuitry 126 generates the cryptography keys basedon the polarization states and the cryptography information andtransfers the cryptography keys to network authentication circuitry 125.UE network circuitry 105 processes the cryptography keys to generateauthentication data. For example, UE network circuitry may use thequantum key to hash a random number to generate authentication data toauthenticate with network authentication circuitry 125. UE networkcircuitry 105 wirelessly transfers the authentication data for deliveryto network authentication circuitry 125. Network authenticationcircuitry 125 responsively authenticates UE 101 based on theauthentication data and the cryptography keys. Advantageously, theauthentication circuitry 125 effectively uses quantum authentication forUE 101. Moreover, UE quantum circuitry 106 and network quantum circuitry126 efficiently generates cryptography keys for UE 101 using quantumauthentication.

In some examples, UE quantum circuitry 106 generates additionalcryptography keys based on additional qubits and transfers theadditional cryptography keys to UE network circuitry 105. UE networkcircuitry 105 and network data center 121 use the additionalcryptography keys to encrypt/decrypt network signaling and possibly userdata. Advantageously, UE 101 effectively utilizes its quantumcapabilities to securely communicate with network data center 121.

UE 101 and the wireless access point communicate over links usingwireless technologies like Fifth Generation New Radio (5GNR), Long TermEvolution (LTE), Low-Power Wide Area Network (LP-WAN), Institute ofElectrical and Electronic Engineers (IEEE) 802.11 (WIFI), Bluetooth,and/or some other type of wireless networking protocol. The wirelesstechnologies use electromagnetic frequencies in the low-band, mid-band,high-band, or some other portion of the electromagnetic spectrum. UE 101and network data center 121 communicate over quantum link 111. Quantumlink 111 comprises metallic links, glass fibers, a vacuum, and/or someother type of medium that can transfer quantum information. Quantum link111 supports quantum authentication technologies like Quantum KeyDistribution (QKD), quantum cryptography, and/or other types ofcryptography protocols that utilize quantum mechanics. The wirelessaccess point and network data center 121 communicate over various linksthat use metallic links, glass fibers, radio channels, or some othercommunication media. The links use Fifth Generation Core (5GC), IEEE802.3 (Ethernet), Time Division Multiplex (TDM), Data Over Cable SystemInterface Specification (DOCSIS), Internet Protocol (IP), General PacketRadio Service Transfer Protocol (GTP), 5GNR, LTE, WIFI, virtualswitching, inter-processor communication, bus interfaces, and/or someother data communication protocols.

UE 101 comprises a vehicle, drone, robot, computer, phone, sensor, oranother type of data appliance with wireless and quantum circuitry. Thewireless access point is depicted as a tower, but the wireless accesspoint may use another mounting structure or no mounting structure atall. The wireless access point comprises a Fifth Generation (5G) RAN,LTE RAN, gNodeB, eNodeB, NB-IoT access node, LP-WAN base station,wireless relay, WIFI hotspot, Bluetooth access nodes, and/or anotherwireless network transceiver. UE 101 and the wireless access pointcomprise antennas, amplifiers, filters, modulation, analog/digitalinterfaces, microprocessors, software, memories, transceivers, buscircuitry, and the like. Authentication circuitry 125 comprises networkfunctions like Access and Mobility Management functions (AMFs),Authentication Server Functions (AUSFs), Unified Data Management (UDM),and the like. Network quantum circuitry 126 comprises network functionslike a quantum capable UDM. UE 101, the wireless access point, andnetwork data center 121 comprise microprocessors, software, memories,transceivers, bus circuitry, and the like. The microprocessors compriseDigital Signal Processors (DSP), Central Processing Units (CPU),Graphical Processing Units (GPU), Application-Specific IntegratedCircuits (ASIC), and/or the like. The memories comprise Random AccessMemory (RAM), flash circuitry, disk drives, and/or the like. Thememories store software like operating systems, user applications, radioapplications, and network functions. The microprocessors retrieve thesoftware from the memories and execute the software to drive theoperation of wireless communication network 100 as described herein.

FIG. 2 illustrates an exemplary operation of wireless communicationnetwork 100 to perform quantum authentication for wireless UE 101. Theoperation may vary in other examples. Network quantum circuitry 126generates and transfers qubits to UE quantum circuitry 106 (201). UEquantum circuitry 106 receives and processes the qubits (202). Inresponse, UE quantum circuitry 106 determines polarization states forthe qubits and exchanges cryptography information with network quantumcircuitry 126 (203). For example, UE quantum circuitry 106 may exchangequantum information with network quantum circuitry 126 that indicatesthe measured polarizations of the qubits. UE quantum circuitry 106generates cryptography keys based on the polarization states andcryptography information and transfers the cryptography keys to UEnetwork circuitry 105 (204). UE network circuitry 105 processes thecryptography keys to generate authentication data (205). UE networkcircuitry 105 wirelessly transfers the authentication data for deliveryto network authentication circuitry 125 (206). Network authenticationcircuitry 125 receives the cryptography keys and the authentication data(207). In response, network authentication circuitry 125 authenticatesUE 101 based on the authentication data and the cryptography keys (208).

FIG. 3 illustrates an exemplary operation of wireless communicationnetwork 100 to perform quantum authentication for wireless UE 101. Theoperation may vary in other examples. Network quantum circuitry 126generates qubits. The qubits may comprise photons, electrons, atoms, orother types of particles that can transfer quantum information. Forexample, quantum circuitry 126 may polarize photons with differentpolarization states to generate the qubits. Network quantum circuitry126 transfers the qubits over quantum link 111 to UE quantum circuitry106. UE quantum circuitry 106 processes the qubits and responsivelydetermines polarization states for the qubits. Typically, UE quantumcircuitry 106 selects a measurement basis for each qubit and determinesthe polarization states for the qubits using the selected measurementbases. UE quantum circuitry 106 exchanges cryptography data thatindicates the determined polarization states with network quantumcircuitry 126. Network quantum circuitry 126 exchanges cryptography datathat indicates the selected polarization states with UE quantumcircuitry 106.

Network quantum circuitry 126 and UE quantum circuitry 106 generatecryptography keys based on the polarization states and the cryptographyinformation. For example, UE quantum circuitry 106 and network quantumcircuitry 126 may compare the polarization states determined by UEquantum circuitry 106 with the polarization states selected by networkquantum circuitry 126 to derive a quantum-based authentication key. UEquantum circuitry 106 transfers the cryptography keys to UE networkcircuitry 105. Likewise, quantum circuitry 126 transfers thecryptography keys to authentication circuitry 125.

UE network circuitry 105 processes the cryptography keys to generateauthentication data. The authentication data comprises hashes, digitalcertificates, or another type of authentication data to authenticate UE101 with network data center 121. For example, UE network circuitry 105may receive an authentication challenge from network authenticationcircuitry 125 and use the quantum key to resolve the authenticationchallenge and generate authenticate data that indicates the resolution.UE network circuitry 105 wirelessly transfers the authentication data tonetwork authentication circuitry 125 over the wireless access point.Network authentication circuitry 125 authenticates UE 101 based on theauthentication data and the cryptography keys. For example, networkauthentication circuitry 125 may receive authentication data thatindicates an authentication result from UE 401 and use its quantum-basedcryptography key to verify the authentication result supplied by UE 401.

FIG. 4 illustrates Fifth Generation (5G) communication network 400 toperform quantum authentication for UEs 401 and 402. 5G communicationnetwork 400 comprises an example of wireless communication network 100,although network 100 may differ. 5G communication network 400 comprises5G UEs 401-402, quantum links 411-412, 5G RAN 420, drone landingplatform 430, vehicle support station 440, and 5G network core 450. 5GUE 401 comprises a quantum capable unmanned aerial drone. 5G UE 402comprises a quantum capable vehicle. 5G RAN 420 comprises 5G Radio Unit(RU) 421, 5G Distributed Unit (DU) 422, and 5G Centralized Unit (CU)423. Drone landing platform 430 comprises edge Unified Data Management(UDM) 431. Vehicle support station 440 comprises edge UDM 441. 5Gnetwork core 450 comprises Access and Mobility Management Function (AMF)451, Session Management Function (SMF) 452, User Plane Function (UPF)453, Authentication Server Function (AUSF) 454, UDM 455, and PolicyControl Function (PCF) 455. Other network functions and network elementsare typically present in 5G network core 450 but are omitted forclarity.

UE 401 detachably couples to edge UDM 431 in drone landing platform 430over quantum link 411. Quantum link 411 comprises an optical interface,metallic links, glass fibers, a vacuum, and/or some other type of mediumthat can transfer or some other type of quantum capable interface thatcan transfer qubits between UE 401 and edge UDM 431. UE 401authenticates with drone landing platform 430. For example, UE 401 maywirelessly communicate with drone landing platform 430 to authenticateitself via Fifth Generation Authentication Key Agreement (5G AKA),Extensible Authentication Protocol (EAP), or some other type ofauthentication protocol. In some examples, UE 401 may havepre-authenticated with 5G core 450. For example, 5G network 400 mayconfigure UE 401 with a unique ID that indicates its identity andquantum capability, and UE 401 may use this unique ID to authenticateitself with drone landing platform 430 to initiate quantumauthentication. In response to the authentication, edge UDM 431initiates a Quantum Key Distribution (QKD) procedure with UE 401. TheQKD procedure comprises QKD protocols like BB84 protocol, an E91protocol, or another type of QKD protocol. Edge UDM 431 generates qubitsfor UE 401. The number of qubits generated by edge UDM 431 is notlimited. Edge UDM 431 selects a polarization basis for individual onesof the qubits and polarizes the qubits using their selected polarizationbases. Typically, edge UDM 431 selects either a vertical or horizontalpolarization basis for each of the qubits. A vertically polarized qubitmay comprise a vertical sinusoidal plane electromagnetic wave and ahorizontally polarized qubit may comprise a horizontal sinusoidal planeelectromagnetic wave. Edge UDM 431 transfers the polarized qubits to UE401 over quantum link 411. The qubits may comprise entangled ornon-entangled qubits. For example, edge UDM 431 may entangle pairs ofphotons and transfer one of the photons from each entangled pair to UE401.

UE 401 receives the qubits from edge UDM 431. UE 401 selects ameasurement basis for individual ones of the qubits received from edgeUDM 431. For example, UE 401 may select a rectilinear measurement basisfor a first qubit and may select a diagonal measurement basis for asecond qubit. UE 401 determines the polarizations of the received qubitsusing the corresponding measurement basis for each of the receivedqubits. UE 401 wirelessly indicates the determined polarizations of thereceived qubits to edge UDM 431. Edge UDM 431 wirelessly indicates thepolarizations it selected for each of the transferred qubits to UE 401.Edge UDM 431 and UE 401 generate an authentication key for UE 401 basedon the determined polarizations of the received qubits and the selectedpolarizations for the transferred qubits. Typically, UDM 431 and UE 401derive the key based on the qubits where the polarizations for thetransferred qubits matched the determined polarizations for the receivedqubits. UDM 431 transfers the authentication key for UE 401 to UDM 455over a secure channel. The secure channel could be an encrypted datalink, although other forms of private communication including hand/dronedelivery are possible.

To generate communication keys, edge UDM 431 initiates another QKDprocedure with UE 401. Edge UDM 431 generates additional qubits for UE401. Edge UDM 431 selects a polarization basis for individual ones ofthe additional qubits and polarizes the additional qubits using theirselected polarization bases. Edge UDM 431 transfers the additionalpolarized qubits to UE 401 over quantum link 411. UE 401 receives theadditional qubits from edge UDM 431. UE 401 determines the polarizationsof the additional qubits. UE 401 wirelessly indicates the determinedpolarizations of the additional qubits to edge UDM 431. Edge UDM 431 andUE 401 generate communication keys for UE 401 based on the determinedpolarizations of the additional qubits. UDM 431 transfers thecommunication keys for UE 401 to UDM 455 over the secure channel. UE 401detaches from drone landing platform 430 and moves to another location.

UE 401 wirelessly attaches to RU 421 and transfers attachment signalingto CU 423 over RU 421 and DU 422. CU 423 establishes a Radio ResourceControl (RRC) connection with UE 401. CU 423 transfers a registrationrequest for UE 401 to AMF 451. AMF 451 transfers an identity request forUE 401 in Non-Access Stratum (NAS) signaling to CU 423. CU 423 forwardsthe identity request to UE 401 over DU 422 and RU 421. In response, UE401 indicates its identity to CU 423 over RU 421 and DU 423. CU 423forwards the identity indication for UE 401 to AMF 451. AMF 451 selectsAUSF 454 to authenticate UE 401 for wireless services. AMF 451 transfersan authentication request for UE 401 to AUSF 454.

AUSF 454 selects UDM 455 to authenticate UE 401. AUSF 454 requestsauthentication keys for UE 401 from UDM 455. UDM 455 transfersauthentication data for UE 401 to AUSF 454. The authentication dataindicates the quantum derived authentication key for UE 401. AUSF 454uses the quantum derived authentication key for UE 401 and a randomnumber to generate an expected result. AUSF 454 transfers the randomnumber and the expected result for UE 401 to AMF 451. AMF 451 transfersthe random number for UE 401 to CU 423 in NAS signaling. CU 423 forwardsthe random number to UE 401 in NAS signaling over DU 422 and RU 421. UE401 hashes the random number with its quantum derived authentication keyto generate the same expected result. UE 401 transfers the expectedresult to CU 423. CU 423 forwards the expected result to AMF 451. AMF451 matches the two expected results to authenticate the identity of UE401.

Responsive to the authentication and authorization, AMF 451 requests UEcontext for UE 401 from UDM 455. UDM 455 transfers UE context for UE 401to AMF 451. The UE context comprises the quantum communication keys,Quality-of-Service (QoS) metrics, default slice identifiers, and defaultnetwork addresses in accordance with the roaming agreement. AMF 451interacts with PCF 456 to retrieve service policies for UE 401. AMF 451selects SMF 452 to establish a Protocol Data Unit (PDU) session for UE401 based on the UE context and the service policies. SMF 452 interactswith UPF 453 to establish the PDU session for UE 401. SMF 452 transferssession context for the PDU session to AMF 451. AMF 451 transfers thesession context to UE 401 over RAN 420, and AMF 451 and UE 401 may usethe quantum communication keys for encryption/decryption of the networksignaling. UE 401 uses the context to initiate the PDU session. UE 401wirelessly exchanges user data with CU 423 over RU 421 and DU 422. CU423 exchanges the user data with UPF 453. UE 401 and UPF 453 may alsoquantum communication keys for encryption/decryption of the user data.UPF 453 exchanges the user data with external systems and may use thequantum communication keys for end-to-end security—the quantumcommunication keys being securely communicated to the end point.

In a similar manner, UE 402 detachably couples to edge UDM 441 invehicle support station 440 over quantum link 412. Quantum link 412comprises an optical interface, metallic links, glass fibers, a vacuum,and/or some other type of medium that can transfer or some other type ofquantum capable interface that can transfer qubits between UE 401 andedge UDM 431. UE 402 authenticates with vehicle support station 440. Inresponse to the authentication, edge UDM 441 initiates a QKD procedurewith UE 402. Edge UDM 441 generates qubits for UE 402. Edge UDM 441selects a polarization basis for individual ones of the qubits andpolarizes the qubits in accordance with their selected polarizationbases. Edge UDM 441 transfers the polarized qubits to UE 402 overquantum link 412. UE 402 receives the qubits from edge UDM 441. UE 402selects a measurement basis for each of the individual qubits receivedfrom edge UDM 441. UE 402 determines the polarizations of the receivedqubits using the corresponding selected measurement basis for each ofthe received qubits. UE 402 wirelessly indicates the determinedpolarizations of the received qubits to edge UDM 441. Edge UDM 441wirelessly indicates the polarizations it selected for each of thetransferred qubits to UE 402. Edge UDM 441 and UE 402 generate anauthentication key for UE 402 based on the determined polarizations ofthe received qubits and the selected polarizations for the transferredqubits. Edge UDM 441 transfers the authentication key for UE 402 to UDM455 over a classical communications channel. For example, edge UDM 441may encrypt the quantum authentication key for UE 402 using a 5GCcryptography protocol and transfer the quantum authentication key to UDM455 over a secure classical channel.

In some examples, UEs 401-402 may lack the ability to process anddetermine polarizations of qubits. In this case, drone landing platform430 and/or vehicle support station 440 identify the qubit polarizationsfor UEs 401-402 and indicate the polarization states to UEs 401-402. UEs401-402 may use the indicated polarizations to derive theirquantum-based authentication keys.

To generate communication keys, edge UDM 441 initiates another QKDprocedure with UE 402. Edge UDM 441 generates additional qubits for UE402. Edge UDM 441 selects a polarization basis for individual ones ofthe additional qubits and polarizes the additional qubits using theirselected polarization bases. Edge UDM 441 transfers the additionalpolarized qubits to UE 402 over quantum link 412. UE 402 receives theadditional qubits from edge UDM 441. UE 402 determines the polarizationsof the additional qubits. UE 402 wirelessly indicates the determinedpolarizations of the additional qubits to edge UDM 441. Edge UDM 441 andUE 402 generate communication keys for UE 402 based on the determinedpolarizations of the additional qubits. UDM 441 transfers thecommunication keys for UE 402 to UDM 455 over the secure channel. UE 402detaches from vehicle support station 440 and moves to another location.

UE 402 wirelessly attaches to RU 421 and transfers attachment signalingto CU 423 over RU 421 and DU 422. CU 423 establishes an RRC connectionwith UE 402. CU 423 transfers a registration request for UE 402 to AMF451. AMF 451 transfers an identity request to UE 402 in NAS signalingover RAN 420. In response, UE 402 indicates its identity to AMF 451 overRAN 420. AMF 451 selects AUSF 454 to authenticate UE 402 for wirelessservices and transfers an authentication request for UE 402.

AUSF 454 selects UDM 455 to authenticate UE 402. AUSF 454 requestsauthentication keys for UE 402 from UDM 455. UDM 455 transfersauthentication data for UE 401 that indicates the quantum derivedauthentication key to AUSF 454. AUSF 454 uses the quantum derivedauthentication key for UE 402 and a random number to generate anexpected result. AUSF 454 transfers the random number and the expectedresult for UE 402 to AMF 451. AMF 451 transfers the random number for UE401 over RAN 420. UE 402 hashes the random number with its quantumderived authentication key to generate the same expected result. UE 402transfers the expected result to AMF 451 over RAN 420. AMF 451 matchesthe two expected results to authenticate the identity of UE 402.

Responsive to the authentication and authorization, AMF 451 retrieves UEcontext for UE 402 from UDM 455. AMF 451 retrieves retrieve servicepolicies for UE 402 from PCF 456. AMF 451 selects SMF 452 to establish aPDU session for UE 402 based on the UE context and the service policies.SMF 452 selects UPF 453 to establish the PDU session for UE 402. SMF 452transfers session context for the PDU session to AMF 451. AMF 451transfers the session context to UE 402 over RAN 420. AMF 451 and UE 402may use the quantum communication key for UE 402 forencryption/decryption of network signaling. UE 402 uses the context toinitiate the PDU session. UE 402 wirelessly exchanges user data with UPF453 over RAN 420. UPF 453 and UE 402 may use the quantum communicationkey for UE 402 for encryption/decryption of user data.

FIG. 5 illustrates quantum capable 5G UEs 401 and 402 in 5Gcommunication network 400. UEs 401 comprises an example of UE 101,although UE 101 may differ. UE 402 may comprise similar architecture toUE 401, however UE 402 may be different. UE 401 comprises 5G radio 501,quantum circuitry 502, and user circuitry 503. Radio 501 comprisesantennas, amplifiers, filters, modulation, analog-to-digital interfaces,Digital Signal Processers (DSP), memory, and transceivers that arecoupled over bus circuitry. Quantum circuitry 502 comprises an opticalport, a qubit receiver, and transceivers that are coupled over buscircuitry. User circuitry 503 comprises memory, CPU, user interfaces andcomponents, and transceivers that are coupled over bus circuitry. Thememory in user circuitry 503 stores an operating system (OS), userapplications (USER), Quantum Applications (Q-APP), and 5GNR networkapplications for Physical Layer (PHY), Media Access Control (MAC), RadioLink Control (RLC), Packet Data Convergence Protocol (PDCP), ServiceData Adaptation Protocol (SDAP), and Radio Resource Control (RRC). Theantenna in radio 501 is wirelessly coupled to 5G RAN 420 over a 5GNRlink. The quantum interface in quantum circuitry 502 is coupled to edgeUDM 431 over quantum link 411. A transceiver in radio 501 is coupled toa transceiver in user circuitry 503. A transceiver in quantum circuitry502 is coupled to a transceiver in user circuitry 503. A transceiver inuser circuitry 503 is typically coupled to the user interfaces andcomponents like displays, controllers, and memory.

In radio 501, the antennas receive wireless signals from 5G RAN 420 thattransport downlink 5GNR signaling and data. The antennas transfercorresponding electrical signals through duplexers to the amplifiers.The amplifiers boost the received signals for filters which attenuateunwanted energy. Demodulators down-convert the amplified signals fromtheir carrier frequency. The analog/digital interfaces convert thedemodulated analog signals into digital signals for the DSPs. The DSPstransfer corresponding 5GNR symbols to user circuitry 503 over thetransceivers. In user circuitry 503, the CPU executes the networkapplications to process the 5GNR symbols and recover the downlink 5GNRsignaling and data. The 5GNR network applications receive new uplinksignaling and data from the user applications. The network applicationsprocess the uplink user signaling and the downlink 5GNR signaling togenerate new downlink user signaling and new uplink 5GNR signaling. Thenetwork applications transfer the new downlink user signaling and datato the user applications. The 5GNR network applications process the newuplink 5GNR signaling and user data to generate corresponding uplink5GNR symbols that carry the uplink 5GNR signaling and data.

In radio 501, the DSP processes the uplink 5GNR symbols to generatecorresponding digital signals for the analog-to-digital interfaces. Theanalog-to-digital interfaces convert the digital uplink signals intoanalog uplink signals for modulation. Modulation up-converts the uplinkanalog signals to their carrier frequency. The amplifiers boost themodulated uplink signals for the filters which attenuate unwantedout-of-band energy. The filters transfer the filtered uplink signalsthrough duplexers to the antennas. The electrical uplink signals drivethe antennas to emit corresponding wireless 5GNR signals to 5G RAN 420that transport the uplink 5GNR signaling and data.

In quantum circuitry 502, the optical port couples to one of edge UDM431 over the quantum link 411. The quantum interface receives qubitsfrom edge UDM 431 and passes the qubits to the qubit receiver. The qubitreceiver determines the polarizations for the received qubits usingmeasurement bases indicated by the Q-APP. The measurement bases used bythe qubit receiver may be selected by the Q-APP at random, semi-random,or may be pre-defined. Typically, the selected measurement bases arechosen in a secure manner so that they remain private to the UE duringkey generation. The qubit receiver indicates the determinedpolarizations to user circuitry 503 over the transceivers.

The Q-APP in UE 401 and edge UDM 431 exchange the polarization statesdetermined by the qubit processor and the polarization states that theedge UDM encoded the qubits with. The Q-APP UE 401 and the edge UDM maywirelessly exchange the polarization states over 5G radio 501 or quantumcircuitry 502. The Q-APP compares the determined polarization states andthe polarization states that the edge UDM encoded the qubits with. TheQ-APP identifies qubits that have a determined polarization state thatis the same as the encoded polarization state. Typically, around 50% ofthe qubits will have polarization states that will be the same. TheQ-APP generates an authentication key based on the qubits with matchingpolarization states.

In some examples, UEs 401-402 may lack 5G radio capabilities and mayinstead attach to 5G network core 450 using non-Third GenerationPartnership Project (3GPP) protocols like WIFE or ethernet. In thisexample, UEs 401-402 may attach to 5G network core 450 over a non-3GPPaccess node and a Non-3GPP Interworking Function (N3IWF). UEs 401-402may use their quantum keys to authenticate with network core 450 overlinks that traverse the non-3GPP access node and the N3IWF.

RRC functions comprise authentication, security, handover control,status reporting, QoS, network broadcasts and pages, and networkselection. SDAP functions comprise QoS marking and flow control. PDCPfunctions comprise security ciphering, header compression anddecompression, sequence numbering and re-sequencing, de-duplication. RLCfunctions comprise Automatic Repeat Request (ARQ), sequence numberingand resequencing, segmentation and resegmentation. MAC functionscomprise buffer status, power control, channel quality, Hybrid ARQ(HARQ), user identification, random access, user scheduling, and QoS.PHY functions comprise packet formation/deformation,windowing/de-windowing, guard-insertion/guard-deletion,parsing/de-parsing, control insertion/removal,interleaving/de-interleaving, Forward Error Correction (FEC)encoding/decoding, channel coding/decoding, channelestimation/equalization, and rate matching/de-matching,scrambling/descrambling, modulation mapping/de-mapping, layermapping/de-mapping, precoding, Resource Element (RE) mapping/de-mapping,Fast Fourier Transforms (FFTs)/Inverse FFTs (IFFTs), and DiscreteFourier Transforms (DFTs)/Inverse DFTs (IDFTs). Q-APP functions comprisemeasurement basis selection, qubit polarization identification, andquantum key generation.

FIG. 6 illustrates 5G RU 421, 5G DU 422, and 5G CU 423 in 5Gcommunication network 400. RU 421, DU 422, and CU 423 comprise anexample of the wireless access point illustrated in FIG. 1 , althoughthe wireless access point may differ. RU 421 comprises antennas,amplifiers, filters, modulation, analog-to-digital interfaces, DSP,memory, and transceivers (XCVRs) that are coupled over bus circuitry.UEs 401-402 are wirelessly coupled to the antennas in RU 421 over 5GNRlinks. Transceivers in 5G RU 421 are coupled to transceivers in 5G DU422 over fronthaul links like enhanced Common Public Radio Interface(eCPRI). The DSPs in RU 421 executes their operating systems and radioapplications to exchange 5GNR signals with UEs 401-402 and to exchange5GNR data units with DU 422.

For the uplink, the antennas receive wireless signals from UEs 401-402that transport uplink 5GNR signaling and data. The antennas transfercorresponding electrical signals through duplexers to the amplifiers.The amplifiers boost the received signals for filters which attenuateunwanted energy. Demodulators down-convert the amplified signals fromtheir carrier frequencies. The analog/digital interfaces convert thedemodulated analog signals into digital signals for the DSPs. The DSPstransfer corresponding 5GNR symbols to DU 422 over the transceivers.

For the downlink, the DSPs receive downlink 5GNR symbols from DU 422.The DSPs process the downlink 5GNR symbols to generate correspondingdigital signals for the analog-to-digital interfaces. Theanalog-to-digital interfaces convert the digital signals into analogsignals for modulation. Modulation up-converts the analog signals totheir carrier frequencies. The amplifiers boost the modulated signalsfor the filters which attenuate unwanted out-of-band energy. The filterstransfer the filtered electrical signals through duplexers to theantennas. The filtered electrical signals drive the antennas to emitcorresponding wireless signals to 5G UEs 401-402 that transport thedownlink 5GNR signaling and data.

DU 422 comprises memory, CPU, and transceivers that are coupled over buscircuitry. The memory in 5G DU 422 stores operating systems and 5GNRnetwork applications like PHY, MAC, and RLC. CU 423 comprises memory,CPU, and transceivers that are coupled over bus circuitry. The memory inCU 423 stores an operating system and 5GNR network applications likePDCP, SDAP, and RRC. Transceivers in 5G DU 422 are coupled totransceivers in RU 421 over front-haul links. Transceivers in DU 422 arecoupled to transceivers in CU 423 over mid-haul links. A transceiver inCU 423 is coupled to network core 450 over backhaul links.

RLC functions comprise ARQ, sequence numbering and resequencing,segmentation and resegmentation. MAC functions comprise buffer status,power control, channel quality, HARQ, user identification, randomaccess, user scheduling, and QoS. PHY functions comprise packetformation/deformation, guard-insertion/guard-deletion,parsing/de-parsing, control insertion/removal,interleaving/de-interleaving, FEC encoding/decoding, channelcoding/decoding, channel estimation/equalization, and ratematching/de-matching, scrambling/descrambling, modulationmapping/de-mapping, layer mapping/de-mapping, precoding, REmapping/de-mapping, FFTs/IFFTs, and DFTs/IDFTs. PDCP functions includesecurity ciphering, header compression and decompression, sequencenumbering and re-sequencing, de-duplication. SDAP functions include QoSmarking and flow control. RRC functions include authentication,security, handover control, status reporting, QoS, network broadcastsand pages, and network selection.

FIG. 7 illustrates drone landing platform 430 and vehicle supportstation 440 in 5G communication network 400. Drone landing platform 430and vehicle support station 440 comprise examples of network quantumcircuitry 126, however network quantum circuitry 126 may differ. Dronelanding platform 430 and vehicle support station 440 comprise opticalports, qubit transmitters, and edge UDMs 431 and 441. Edge UDMs 431 and441 comprise network applications for polarization, key generation, andcore interfacing. The core interfaces exchange authenticationinformation and quantum derived keys for UEs 401-402 with UDM 455 oversecure communications channels. The core interfaces may encrypt andtransfer information using Fifth Generation Core (5GC) communicationprotocols to UDM 455 where UDM 455 decrypts the information uponreceipt. The key generation applications generate quantum derivedauthentication keys for UEs 401-402 based on the polarization states ofthe qubits. The polarization applications select polarization bases forthe qubit transmitters. The qubit transmitters generate and polarize thequbits using the indicated polarization bases from the polarizationapplication. The optical ports couple to quantum links 411-412 andtransfer the polarized qubits to UEs 401-402. In some examples, dronelanding platform 430 and vehicle support station 440 host a Q-APP forUEs 401-402 to determine and indicate qubit polarizations for UEs401-402.

FIG. 8 illustrates Network Function Virtualization Infrastructure (NFVI)800 and edge UDM 431 in 5G communication network 400. NFVI 800 comprisesan example of network authentication circuitry 125, although networkauthentication circuitry 125 may vary from this example. Edge UDM 431comprises an example of network quantum circuitry 126, although networkquantum circuitry 126 may vary from this example. NFVI 800 comprisesNFVI hardware 801, NFVI hardware drivers 802, NFVI operating systems803, NFVI virtual layer 804, and NFVI Virtual Network Functions (VNFs)805. NFVI hardware 801 comprises Network Interface Cards (NICs), CPU,RAM, Flash/Disk Drives (DRIVE), and Data Switches (SW). NFVI hardwaredrivers 802 comprise software that is resident in the NIC, CPU, RAM,DRIVE, and SW. NFVI operating systems 803 comprise kernels, modules,applications, containers, hypervisors, and the like. NFVI virtual layer804 comprises vNIC, vCPU, vRAM, vDRIVE, and vSW. NFVI VNFs 805 compriseAMF 851, SMF 852, UPF 853, AUSF 854, UDM 855, and PCF 856. AdditionalVNFs and network elements like Network Slice Selection Function (NSSF),Unified Data Registry (UDR), and Network Exposure Function (NEF) aretypically present but are omitted for clarity. NFVI 800 may be locatedat a single site or be distributed across multiple geographic locations.The NIC in NFVI hardware 801 is coupled to 5G RAN 420, to a NIC in edgeUDM hardware 811, and to external systems. NFVI hardware 801 executesNFVI hardware drivers 802, NFVI operating systems 803, NFVI virtuallayer 804, and NFVI VNFs 805 to form AMF 451, SMF 452, UPF 423, AUSF454, UDM 455, and PCF 456.

Edge UDM 431 comprises edge UDM hardware 811, edge UDM hardware drivers812, edge UDM operating systems 813, edge UDM virtual layer 814, andedge UDM applications (APPs) 815. Edge UDM 441 may comprise similararchitecture to edge UDM 431, however edge UDM 441 may differ. Edge UDMhardware 811 comprises NICs, CPU, RAM, DRIVE, and SW. Edge UDM hardwaredrivers 812 comprise software that is resident in the NIC, CPU, RAM,DRIVE, and SW. Edge UDM operating systems 813 comprise kernels, modules,applications, containers, hypervisors, and the like. Edge UDM virtuallayer 814 comprises vNIC, vCPU, vRAM, vDRIVE, and vSW. Edge UDMapplications 815 comprise applications for core interfacing,polarization, and key generation. Edge UDM 431 may be located at asingle site or be distributed across multiple geographic locations. TheNIC in edge UDM hardware 811 is coupled to UE 401 and to a NIC in NFVIhardware 801. Edge UDM hardware 811 executes edge UDM hardware drivers812, edge UDM operating systems 813, edge UDM virtual layer 814, andedge UDM applications 815 to form the core interfacing, polarization,and key generation applications.

FIG. 9 further illustrates NFVI 800, edge UDMs 431 and 441 in 5Gcommunication network 400. AMF 451 performs UE registration andconnection, UE connection/mobility management, and UE authentication andauthorization. SMF 452 performs session establishment and management,UPF selection and control, and network address allocation. UPF 423performs packet routing & forwarding, QoS handling, and PDUinterconnection and serving. AUSF performs UE access authentication. UDM455 performs UE subscription management, key generation, and edge UDMinterfacing. PCF 426 performs network policy management and networkrules distribution. Edge UDMs 431 and 441 perform qubit generation andpolarization, quantum generation and distribution, and network core UDMinterfacing.

In this example, UE 401 lands on drone landing platform 401 andinteracts with edge UDM 431 to generate a quantum authentication key,however the operation may differ in other examples. UE 401 lands ondrone landing platform 430 and detachably couples to edge UDM 431 indrone landing platform 430 over quantum link 411. UE 401 establishes asecure wireless channel with drone landing platform 430 and responsivelyauthenticates itself. In response to the authentication, edge UDM 431initiates a QKD procedure with UE 401. Edge UDM 431 generates qubits forUE 401. Edge UDM 431 selects a polarization bases for the qubits andpolarizes the qubits according to their selected polarization bases. Forexample, edge UDM 431 may horizontally polarize a first qubit and mayvertically polarize a second qubit. Edge UDM 431 transfers the polarizedqubits to UE 401 over quantum link 411.

UE 401 selects a measurement bases for the qubits received from edge UDM431. UE 401 determines the polarizations of the received qubits usingthe corresponding measurement basis for the qubits. For example, UE 401may determine the polarization of a first qubit using a rectilinearmeasurement basis and may determine the polarization of a second qubitusing a diagonal measurement basis. The determined polarizations maydiffer based on the measurement basis used. UE 401 wirelessly indicatesthe determined polarizations of the received qubits to edge UDM 431 overdrone landing platform 430. Edge UDM 431 wirelessly indicates thepolarizations it selected to UE 401 over drone landing platform 430.Edge UDM 431 and UE 401 generate a quantum derived authentication keyfor UE 401 based on the determined polarizations and the selectedpolarizations for the qubits. UDM 431 encrypts its copy of the quantumderived key and transfers the quantum derived key to UDM 455 over asecure channel. UDM 455 decrypts and securely stores the quantum derivedkey for UE 401. For example, edge UDM 431 and UDM 455 may use 5GCencryption/decryption protocols to exchange the quantum derived key. UE401 securely stores its copy of the quantum derived key.

Edge UDM 431 initiates another QKD procedure with UE 401. Edge UDM 431generates additional qubits for UE 401. Edge UDM 431 selects apolarization basis for individual ones of the additional qubits andpolarizes the additional qubits using their selected polarization bases.Edge UDM 431 transfers the additional polarized qubits to UE 401 overquantum link 411. UE 401 receives the additional qubits from edge UDM431. UE 401 determines the polarizations of the additional qubits. UE401 wirelessly indicates the determined polarizations of the additionalqubits to edge UDM 431. Edge UDM 431 and UE 401 generate quantumcommunication keys for UE 401 based on the determined polarizations ofthe additional qubits. UDM 431 transfers the communication keys for UE401 to UDM 455 over the secure channel. UE 401 detaches from quantumlink 411. UE 401 takes off from drone landing platform 430 and flies toanother location.

AMF 451 receives a registration request for UE 401 from RAN 420. AMF 451transfers an identity request in NAS signaling to UE 401 over RAN 420.AMF 451 receives NAS signaling from UE 401 that indicates the identityfor UE 401. AMF 451 processes the identity and responsively selects AUSF454 to authenticate UE 401 for wireless services. AMF 451 transfers anauthentication request that indicates the identity of UE 401 to AUSF454. AUSF 454 receives the authentication request and selects UDM 455 toauthenticate UE 401. AUSF 454 requests authentication keys for UE 401from UDM 455. UDM 455 transfers authentication data and the quantumderived authentication key for UE 401 to AUSF 454. AUSF 454 uses thequantum derived authentication key and a random number to generate anexpected result for UE 401 to authenticate itself. AUSF 454 transfersthe expected result and the random number to AMF 451. AMF 451 transfersNAS signaling that indicates the random number to UE 401 over RAN 420.AMF 451 receives NAS signaling that indicates the expected result fromUE 401 over RAN 420. AMF 451 matches the expected result from AUSF 454with the expected result from UE 401 to authenticate the identity of UE401.

Responsive to the authentication and authorization, AMF 451 retrieves UEcontext for UE 401 from UDM 455. AMF 451 retrieves service policies forUE 401 from PCF 456. AMF 451 selects SMF 452 to establish a PDU sessionfor UE 401 based on the UE context and the service policies. SMF 452selects UPF 453 to establish the PDU session for UE 401. SMF 452transfers session context for the PDU session to AMF 451. AMF 451encrypts the session context using the quantum derived communication keyfor UE 401 and transfers the session context to UE 401 over RAN 420. UE401 uses its quantum derived communication key to decrypt the sessioncontext. UPF 453 exchanges user data with UE 401 over RAN 420. UPF 453and UE 401 encrypt/decrypt the user data using the quantum derivedcommunication keys.

FIG. 10 illustrates an exemplary operation of 5G communication network400 to perform quantum authentication for quantum capable 5G UE 402. Theoperation may vary in other examples. In this example, UE 402 drives tovehicle support station 440 and interacts with edge UDM 441 to generatea quantum authentication key, however operation may differ in otherexamples.

UE 402 drives to vehicle support station 440 and couples to edge UDM 441over quantum link 412. The Q-APP in UE 402 establishes a secure wirelesschannel with vehicle support station 440 and authenticates with vehiclesupport station 440. In response to the authentication, edge UDM 441initiates a QKD procedure with UE 402. Edge UDM 441 generates entangledpairs of qubits for UE 402. Edge UDM 441 polarizes the entangled pairsof qubits according to the selected polarization basis for individualpairs of the qubits. Edge UDM 441 transfers a polarized qubit from eachentangled pair to UE 402 over quantum link 412. UE 402 receives thequbits from edge UDM 441. The Q-APP in UE 402 selects a measurementbasis for each of the individual qubits received from edge UDM 441. TheQ-APP in UE 402 determines the polarizations of the received qubitsusing the selected measurement bases for each of the received qubits.The Q-APP in UE 402 wirelessly indicates the determined polarizations ofthe received qubits to edge UDM 441. Edge UDM 441 wirelessly indicatesthe polarizations it selected for each of the transferred qubits to theQ-APP in UE 402. Edge UDM 441 and the Q-APP in UE 402 generate anauthentication key for UE 402 based on the determined polarizations andselected polarizations of the qubits. UDM 441 encrypts and transfers thequantum authentication key to UDM 455. UDM 455 receives and decrypts thequantum authentication key for UE 402.

Edge UDM 441 initiates another QKD procedure with UE 402. Edge UDM 441generates additional qubits for UE 402. Edge UDM 441 selects apolarization basis for individual ones of the additional qubits andpolarizes the additional qubits using their selected polarization bases.Edge UDM 441 transfers the additional polarized qubits to UE 402 overquantum link 412. UE 402 receives the additional qubits from edge UDM441. UE 402 determines the polarizations of the additional qubits. UE402 wirelessly indicates the determined polarizations of the additionalqubits to edge UDM 441. Edge UDM 441 and UE 402 generate quantumcommunication keys for UE 402 based on the determined polarizations ofthe additional qubits. Edge UDM 441 transfers the communication keys forUE 402 to UDM 455 over the secure channel. UE 402 detaches from quantumlink 412. UE 402 drives to another location.

At the other location, a user application in UE 402 executes. Inresponse, the RRC in UE 402 wirelessly attaches to the RRC in CU 423 andtransfers attachment signaling to the RRC in CU 423 over the PDCPs,RLCs, MACs, and PHYs. The RRC in CU 423 establishes a Radio ResourceControl (RRC) connection with the RRC in UE 402 over the PDCPs, RLCs,MACs, and PHYs. The RRC in CU 423 transfers a registration request forUE 402 to AMF 451. AMF 451 transfers NAS signaling that indicates anidentity request for UE 402 to the RRC in CU 423. The RRC in CU 423forwards the NAS signaling to the RRC in UE 402 over the PDCPs, RLCs,MACs, and PHYs. In response, the RRC in UE 402 transfers NAS signalingthat indicates its identity to the RRC in CU 423 over the PDCPs, RLCs,MACs, and PHYs. The RRC in CU 423 forwards the NAS signaling to AMF 451.AMF 451 identifies UE 402 and selects AUSF 454 to authenticate UE 402.AMF 451 transfers an authentication request for UE 402 to AUSF 454.

AUSF 454 selects UDM 455 to authenticate UE 402. AUSF 454 retrieves thequantum authentication key for UE 402 from UDM 455. AUSF 454 generatesan expected result for UE 402 using the quantum authentication key and arandom number. AUSF 454 transfers the expected result and the randomnumber to AMF 451. AMF 451 stores the expected result from AUSF 451 andtransfers NAS signaling that indicates the random number to the RRC inCU 423. The RRC in CU 423 forwards the NAS signaling to the RRC in UE402 over the PDCPs, RLCs, MACs, and PHYs. The RRC in UE 402 transfersthe random number to the Q-APP. The Q-APP hashes the quantumauthentication key and the random number to generate an expectedresponse. The Q-APP transfers the expected response to the RRC. The RRCin UE 402 transfers NAS signaling that indicates the expected responseto the RRC in CU 423 over the PDCPs, RLCs, MACs, and PHYs. The RRC in CU423 forwards the NAS signaling to AMF 451. AMF 451 processes the NASsignaling and identifies expected response. AMF 451 responsively matchesthe expected response from UE 402 with expected response from AUSF 454to authenticate the identity of UE 402.

Responsive to the authentication and authorization, AMF 451 retrieves UEcontext for UE 402 from UDM 455 and retrieves service policies for UE402 from PCF 456. AMF 451 selects SMF 452 to establish a PDU session forUE 402 based on the UE context and the service policies. SMF 452 selectsUPF 453 to establish the PDU session for UE 402 based on the UE context.SMF 452 transfers session context for the PDU session to AMF 451. AMF451 encrypts the session context using the quantum communication key andtransfers the session context to the RRC in CU 423. The RRC in CU 423forwards the encrypted session context to the RRC in UE 402 over thePDCPs, RLCs, MACs, and PHYs. The RRC in UE 402 transfers the sessioncontext to the Q-APP. The Q-APP decrypts the session context with thequantum communication key and transfers the decrypted session context tothe RRC. The RRC in UE 402 directs the SDAP to use the context toinitiate the PDU session. The SDAP in UE 402 exchanges user data withthe SDAP in CU 423 over the PDCPs, RLCs, MACs, and PHYs. The SDAP in CU423 exchanges user data with UPF 453. UPF 453 exchanges the user datawith external systems.

The wireless data network circuitry described above comprises computerhardware and software that form special-purpose network circuitry toperform quantum authentication for quantum capable 5G UEs. The computerhardware comprises processing circuitry like CPUs, DSPs, GPUs,transceivers, bus circuitry, and memory. To form these computer hardwarestructures, semiconductors like silicon or germanium are positively andnegatively doped to form transistors. The doping comprises ions likeboron or phosphorus that are embedded within the semiconductor material.The transistors and other electronic structures like capacitors andresistors are arranged and metallically connected within thesemiconductor to form devices like logic circuitry and storageregisters. The logic circuitry and storage registers are arranged toform larger structures like control units, logic units, andRandom-Access Memory (RAM). In turn, the control units, logic units, andRAM are metallically connected to form CPUs, DSPs, GPUs, transceivers,bus circuitry, and memory.

In the computer hardware, the control units drive data between the RAMand the logic units, and the logic units operate on the data. Thecontrol units also drive interactions with external memory like flashdrives, disk drives, and the like. The computer hardware executesmachine-level software to control and move data by driving machine-levelinputs like voltages and currents to the control units, logic units, andRAM. The machine-level software is typically compiled from higher-levelsoftware programs. The higher-level software programs comprise operatingsystems, utilities, user applications, and the like. Both thehigher-level software programs and their compiled machine-level softwareare stored in memory and retrieved for compilation and execution. Onpower-up, the computer hardware automatically executesphysically-embedded machine-level software that drives the compilationand execution of the other computer software components which thenassert control. Due to this automated execution, the presence of thehigher-level software in memory physically changes the structure of thecomputer hardware machines into special-purpose network circuitry toperform quantum authentication for quantum capable 5G UEs.

The above description and associated figures teach the best mode of theinvention. The following claims specify the scope of the invention. Notethat some aspects of the best mode may not fall within the scope of theinvention as specified by the claims. Those skilled in the art willappreciate that the features described above can be combined in variousways to form multiple variations of the invention. Thus, the inventionis not limited to the specific embodiments described above, but only bythe following claims and their equivalents.

What is claimed is:
 1. A method to generate and use cryptography keysfor a wireless user device, the method comprising: generating qubits;transferring the qubits to the wireless user device; determiningpolarization states for the qubits; exchanging cryptography informationwith the wireless user device; generating the cryptography keys based onpolarization states and cryptography information; encrypting data basedon the cryptography keys and transferring the encrypted data to thewireless user device; and receiving additional encrypted data from thewireless user device and decrypting the additional encrypted data basedon the cryptography keys.
 2. The method of claim 1 wherein transferringthe qubits to the wireless user device comprises transferring the qubitsto the wireless user device over an optical communication interface. 3.The method of claim 1 wherein exchanging the cryptography informationwith the wireless user device comprises exchanging the cryptographyinformation with the wireless user device over a wireless communicationlink.
 4. The method of claim 1 wherein the wireless user devicecomprises a vehicle.
 5. The method of claim 1 wherein the wireless userdevice comprises an aerial vehicle.
 6. The method of claim 1 wherein thewireless user device comprises a computer.
 7. The method of claim 1wherein the wireless user device comprises a robot.
 8. A method togenerate and use cryptography keys in a wireless user device, the methodcomprising: receiving qubits from wireless communication network;determining polarization states for the qubits; exchanging cryptographyinformation with the wireless communication network; generating thecryptography keys based on the polarization states and the cryptographyinformation; encrypting data based on the cryptography keys andtransferring the encrypted data to the wireless communication network;and receiving additional encrypted data from the wireless communicationnetwork and decrypting the additional encrypted data based on thecryptography keys.
 9. The method of claim 8 wherein receiving the qubitsfrom the wireless communication network comprises receiving the qubitsfrom the wireless communication network over an optical communicationinterface.
 10. The method of claim 8 wherein exchanging the cryptographyinformation with the wireless communication network comprises exchangingthe cryptography information with the wireless communication networkover a wireless communication link.
 11. The method of claim 8 whereinthe wireless user device comprises a vehicle.
 12. The method of claim 8wherein the wireless user device comprises an aerial vehicle.
 13. Themethod of claim 8 wherein the wireless user device comprises a computer.14. The method of claim 8 wherein the wireless user device comprises arobot.
 15. A wireless communication system to generate and usecryptography keys for a wireless user device, the wireless communicationsystem comprising: a wireless communication network to generate andtransfer qubits to the wireless user device; the wireless user device toreceive the qubits from the wireless communication network; the wirelesscommunication network to determine polarization states for the qubits;the wireless user device to determine the polarization states for thequbits; the wireless communication network to exchange cryptographyinformation with the wireless user device; the wireless user device toexchange the cryptography information with the wireless communicationnetwork; the wireless communication network to generate the cryptographykeys based on the polarization states and the cryptography information;the wireless user device to generate the cryptography keys based on thepolarization states and the cryptography information; the wirelesscommunication network to encrypt data based on the cryptography keys andtransfer the encrypted data to the wireless user device; the wirelessuser device to receive the encrypted data and decrypt the encrypted databased on the cryptography keys; the wireless user device to encryptadditional data based on the cryptography keys and transfer theencrypted additional data to the wireless communication network; and thewireless communication network to receive the encrypted additional dataand decrypt the encrypted additional data based on the cryptographykeys.
 16. The wireless communication system of claim 15 wherein: thewireless communication network is to transfer the qubits to the wirelessuser device over an optical communication interface; and the wirelessuser device is to receive the qubits from the wireless communicationnetwork over the optical communication interface.
 17. The wirelesscommunication system of claim 15 wherein: the wireless communicationnetwork is to exchange the cryptography information with the wirelessuser device over a wireless communication link; and the wireless userdevice is to exchange the cryptography information with the wirelesscommunication network over the wireless communication link.
 18. Thewireless communication system of claim 15 wherein the wireless userdevice comprises a vehicle.
 19. The wireless communication system ofclaim 15 wherein the wireless user device comprises an aerial vehicle.20. The wireless communication system of claim 15 wherein the wirelessuser device comprises a computer.